If you need to protect a PC or two at home, the individual personal firewalls
work fine. But if you need to provide enterprise-level protection, you need a
product that has reporting capabilities and centralized management. Consider
ICEcap and BlackICE. ICEcap Management Console is used to deploy anti-hacker
software to your enterprise without the overhead of individual installation and
control. ICEcap can remotely install, update, manage and control the BlackICE
Agents, Sentries, and Guards spread out over your entire enterprise. Any attack
on your network, workstation, server, internal segment, WAN, or remote user, is
reported to the ICEcap server for centralized analysis and reporting. ICEcap
consolidates alerts, logs hostile activity, and forwards information to other
applications, such as trouble-ticket systems, or alerts you directly on your
pager or e-mail.
BlackICE agent installs on workstations and servers. BlackICE Sentry installs
on a box on a 100MB segment and monitors for network intrusion attempts (there
is a gigabit version). Check their products out at Network ICE Corp
if you have to move beyond protecting individual boxes.
If you implement this or another enterprise solution, please let me know so I
share your feedback
-Wayne Maples
After beginning my study of penetration testing and securing an NT network, I
started a support page for others who need to protect their NT networks. For
more information, see Tips for NT Administrators in the area of
Penetration Testing, Hacking, and Intrusion Detection
